As commercial LTE/4G networks become an increasingly common support partner to secure TETRA networks, the communications link between the two bearers is now a critical focus.
A new study from TCCA’s Security and Fraud Prevention Group (SFPG) highlights the need for robust processes and best practice to ensure there are no weaknesses in the interworking mechanism that could be exploited by those with malicious intent.
The 3GPP-specified 4G and future 5G wireless broadband standards are currently being enhanced to support mission critical (MC) speech and data communications. Users on MC broadband networks and those using TETRA for critical communications will therefore require secure interworking.
In some cases, where TETRA provides the critical speech communications, interworking will be a permanent requirement. In other cases, where there is a long-term goal to support voice as well as data communications over MC broadband systems, interworking may be needed for an interim period, but that may still extend for many years.
“It doesn’t matter how highly specified or secure a network is, a single weak link is an open door to potential attackers,” said Trevor Evans, chair of TCCA’s SFPG. “It is essential to mandate an appropriate level of security across both networks and in any intermediate gateway connections.
“The first step is to carry out a detailed threat, vulnerability and risk assessment to ensure the most appropriate security policies are put in place to ensure a robust solution, and careful network configuration will be required in order to obtain the most secure outcome.”
The paper provides an overview of how an MC broadband push-to-talk (PTT) system can be connected to a TETRA system for interworking without compromising the security of either system. The security aspects relating to authenticity, confidentiality, integrity and availability are considered, together with issues of having an interface between two different technologies.
Secure interoperability between TETRA and MC broadband PTT systems is possible. However, user organisations need to be aware of the differences in mechanisms between the two types of system and take them into account, together with their own security needs, when designing an actual solution.
The Security and Fraud Prevention Group (SFPG) is a TCCA Working Group. The SFPG prepares and manages recommendations on the use of encryption in critical communications networks, and controls access to restricted technical information.